Researchers at Check Point Software Technologies have identified a new mobile adware program, dubbed as LightsOut, in at least 22 illegitimate Android flashlight and utility apps on Google Play Store. These apps have now been removed from the Play Store, but prior to their removal, the apps had been downloaded between 1.5 and 7.5 million times.
What happens is that when any of these 22 apps get downloaded, the user’s decision to disable ads from illegitimate websites would get overridden by the malicious script and then the app’s icon would be hidden so as to prevent its deletion from the device. It is quite clear that the real objective of this campaign is to generate illegal ad revenue at the expense of the innocent and unsuspecting Android users.
As per the findings of some users, some of these ads forced them to answer calls or perform other activities while some noted that despite installing the ad-free version of the Android app, the malicious ad activity continued. Google was informed about the presence of suspicious apps on Play Store, and after they were removed.
“Despite the vast investment Google has recently made in the security of their App Store, ‘LightsOut’ reminds us once again that users need to be wary of downloading from App Stores and are advised to have protection while using them. Many users are still unaware of the dangers lurking for them and continue to install fishy apps such as flashlights,” said Check Point’s technical blog post.
Check Point researchers released a video as well showing the way the attack occurred. The video shows how the infected app offered a checkbox and control panel to the user for enabling or disabling different services such as ads. After different actions such as ending of a call, unlocking of the home screen, plugging in of a charger or enabling of Wi-Fi connection, ad displaying event got triggered.
The ads were not directly linked to LightsOut activity and the app icon was also hidden, therefore, users were clueless about what was causing them to appear. Resultantly, the device gets bombarded with ads and the user has no other choice but to interact with the malicious ads, even to perform the most basic functions, such as to answer a phone call.
The malicious adware campaign was reported by Check Point in its blog post published on January 5. The company noted that in order to prevent such campaigns from invading our mobiles, it is important to firstly, download apps cautiously and carefully, secondly, to have advanced a mobile threat protection software installed apart from anti-virus software.
List of malicious apps is available here.